Updates have been issued by Apple for the out-of-bounds write zero-day flaw, tracked as CVE-2025-43300, following its exploitation in an "extremely sophisticated" and highly targeted cyber intrusion, BleepingComputer reports.
Malicious actors could leverage the vulnerability which was discovered within the Image I/O framework and affects several generations of iPhones, iPads, and Macs to crash programs, corrupt data, and enable remote code execution, according to Apple. "An out-of-bounds write issue was addressed with improved bounds checking. Processing a malicious image file may result in memory corruption," said Apple. Organizations and individuals using vulnerable Apple devices have been urged to immediately update to iOS 18.6.2, iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, and macOS Ventura 13.7.8. Such an issue marks the sixth actively exploited zero-day bug resolved by Apple so far this year, which matches the total number of abused zero-days fixed by the company last year.
Malicious actors could leverage the vulnerability which was discovered within the Image I/O framework and affects several generations of iPhones, iPads, and Macs to crash programs, corrupt data, and enable remote code execution, according to Apple. "An out-of-bounds write issue was addressed with improved bounds checking. Processing a malicious image file may result in memory corruption," said Apple. Organizations and individuals using vulnerable Apple devices have been urged to immediately update to iOS 18.6.2, iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, and macOS Ventura 13.7.8. Such an issue marks the sixth actively exploited zero-day bug resolved by Apple so far this year, which matches the total number of abused zero-days fixed by the company last year.




